Safe Harbor on Cyber is a 'safe harbor' blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.

December 17, 2017

RetDec Open-Source Decompiler Released by Avast to Help All as a Tool to Fight Against Malicious Code

Anti-malware company Avast has announced the release of RetDec, a retargetable machine-code decompiler, as open-source software designed to enhance the fight against malicious code.

RetDec is an abbreviation of Retargetable Decompiler, originally developed by Brno University of Technology Institute of Information Technology and AVG Technologies. Avast acquired AVG Technologies in 2016.

RetDec is now available on GitHub under the MIT license, which means that security professionals can modify its source code and republish it.

RetDec is an LLVM-based, retargetable machine-code decompiler that allows experts to perform platform-independent analysis of executables and to decompile various ransomware families such as Apocalypse, BadBlock, Bart, CrySiS, TeslaCrypt, and more, in order to undo the encryption of victims' files.

RetDec was presented at Botconf 2017 in France earlier this month. It converts machine code, the binary executable, into an approximation of the original source code.

Disassembly converts binary code to assembly code, a somewhat readable representation of machine code. A decompiler attempts to go further, back to a higher-level source language that is not tied to a specific processor, producing more readable code that looks more like C.

He said that the existing open-source decompilers provide an alternative, but these do not always achieve the proper stability, code readability, and quality.

RetDec is not only helpful to security researchers, but also to developers who are interested in working on their code compilation and reverse engineering projects.

RetDec stands for Retargetable Decompiler, which means that it can be used on code for different 32-bit architectures such as Intel x86, ARM, MIPS, PIC32 and PowerPC, in different file formats: ELF, PE, Mach-O, COFF, and raw machine code.

As a machine-code decompiler, RetDec is not suitable for decompiling bytecode from Java, Python, or .NET files.
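A header-only triage step that sorts samples by the formats and 32-bit architectures listed above before they are sent to a machine-code decompiler. This is an added example, not code from RetDec or Avast; the `triage` function, its tables and the "in scope" rule are assumptions that simply encode this article's description.

```python
import struct

# e_machine (ELF), Machine (PE/COFF) and cputype (Mach-O) values for the
# 32-bit targets the article lists; PIC32 is a MIPS core.
ELF_MACHINES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM"}
PE_MACHINES = {0x014C: "x86", 0x01C0: "ARM", 0x01C4: "ARM",
               0x0166: "MIPS", 0x01F0: "PowerPC"}
MACHO_CPUS = {7: "x86", 12: "ARM", 18: "PowerPC"}


def triage(data: bytes) -> tuple:
    """Return (format, architecture, in_scope) using only the file header.

    in_scope is an assumption based on the article's scope statement;
    None means the header alone cannot decide.
    """
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        is32 = data[4] == 1                      # EI_CLASS: 1 = 32-bit
        endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
        machine = struct.unpack_from(endian + "H", data, 18)[0]
        arch = ELF_MACHINES.get(machine)
        return ("ELF", arch or hex(machine), is32 and arch is not None)
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]    # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\0\0" and len(data) >= pe_off + 6:
            machine = struct.unpack_from("<H", data, pe_off + 4)[0]
            arch = PE_MACHINES.get(machine)
            return ("PE", arch or hex(machine), arch is not None)
        return ("MZ without PE header", None, False)
    if data[:4] == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        # Magic shared by Java class files and Mach-O universal binaries.
        # A class file stores minor/major version next (major >= 45);
        # a universal binary stores a small slice count.
        n = struct.unpack_from(">I", data, 4)[0]
        if n >= 45:
            return ("Java class (bytecode)", None, False)
        return ("Mach-O universal", "%d slices" % n, None)
    if data[:4] in (b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xce") and len(data) >= 8:
        endian = "<" if data[0] == 0xCE else ">"
        cpu = struct.unpack_from(endian + "I", data, 4)[0]
        arch = MACHO_CPUS.get(cpu)
        return ("Mach-O 32-bit", arch or hex(cpu), arch is not None)
    if data[:4] in (b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xcf"):
        return ("Mach-O 64-bit", None, False)
    return ("unknown or raw machine code", None, False)


# Constructed sample: the first 8 bytes of a Java class file, version 52.0.
JAVA_SAMPLE = b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 52)
if __name__ == "__main__":
    print(triage(JAVA_SAMPLE))
```
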

Because the compilation process discards useful information, the result of reversing it tends to be far from the original, much like an image that is compressed with a lossy algorithm and then enlarged again.

If the author of the code tries to obfuscate it, decompilation can become more difficult.

This utility includes support for multiple platforms, different architectures, file formats, and compilers.

“The decompiler is not limited to any particular target architecture, operating system or executable file format:

This tool currently only supports Windows (7 or later) and Linux, but prebuilt packages are only for Windows.

RetDec features are:

Static analysis of executable files for details.

Compiler and wrapper detection.

Load and instruction decode.

Signature-based static link library code removal.

Extract and use debugging information (DWARF, PDB).

Rebuild teaching language.

Detect and rebuild C++ class hierarchies (RTTI, vtables).

Remove symbols from C++ binaries (GCC, MSVC, Borland).

Refactoring functions, types, and advanced constructs.

Integrated Disassembler.

Output in two high-level languages: C and Python languages.

Generate call graphs, control flow graphs, and various statistics.

Provided by the IDA (Interactive Disassembler) plug-in, the tool can decompile files directly from the IDA disassembler.

RetDec is a powerful utility that allows you to optimize the reconstruction of your original source code by using a large number of supported architectures and file formats, as well as internal heuristics and decoding and refactoring applications.”

Avast also provides a web service for decompiling in the browser, an IDA plug-in, and a REST API that allows you to create applications that interact with RetDec via HTTP requests.

About The Author

cyberwisdom

cyberwisdom is a pseudonym of David S. Eng, who offers valuable information and cyber threat incident alerts to help protect against, prevent, mitigate, respond to, recover from, and learn about cybersecurity threats to your business and family. The CyberWisdom author curates cyber security information, news feeds and articles. He has six years of hands-on experience as the principal researcher for the DHS Cybersecurity Pilot Program on cyber threat intelligence, risk management, cyber technologies, and web collaboration tools.